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DETAILED ACTION 
Response to Affidavit 

1. The affidavit filed on January 12, 2004 under 37 CFR 1.131 has been considered 
but is ineffective to overcome the Kahan reference. 

2. The evidence submitted is insufficient to establish a reduction to practice of the 
invention in this country or a NAFTA or WTO member country prior to the effective date 
of the Kahan reference. There is not evidence submitted to support applicant's 
reduction to practice. 



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

4. Claims 3, 5-6, 13-15, 17-21, 23, 32, 35-38, 49-54, 56-63, 67-75, 77, 79-93, 101- 
102, 104, 106, 112-115 are rejected under 35 U.S.C. 102(a) as being anticipated by 
Jose Kahan, A capability-based authorization model for the World Wide Web (hereafter 
referred to as Kahan). 

Regarding claim 3, Kahan taught a method of processing service requests from a 
client to a server system through a network (abstract, page 1 ) comprising: 
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forwarding a service request from the client to the server system, wherein the 
communications between the client and server system are according to hypertext 
transport protocol (2.3 Consultation phase, pages 5-6); 

returning a session identifier from the server system to the client, the client 
storing the session identifier for use in subsequent distinct requests to the server 
systems (Table 1 , page 5); and 

appending the stored session identifier to each of the subsequent distinct 
requests from the client to the server system (Table 1 , page 5). 

Regarding dependent claim 5, Kahan taught the session identifier includes a user 
identifier (Table 4, page 7). 

Regarding dependent claim 6, Kahan taught the session identifier includes an 
expiration time for the session (Table 4, page 7). 

Regarding dependent claim 13, Kahan taught the server system assigns the 
session identifier to an initial service request to the server system (Table 1 , page 5). 

Regarding dependent claim 14, Kahan taught the server system subjects the 
client to an authorization routine prior to issuing the session identifier (Table 1 , page 5) 
and the session identifier is protected from forgery (Table 2, page 6). 

Regarding dependent claim 15, Kahan taught plural servers including an 
authentication server which provides session identifier for service requests to multiple 
servers (2.1.1 Entities, authorization server, AUS, page 4). 

Regarding dependent claim 17, Kahan taught a method wherein the session 
identifier includes a user identifier (Table 4, page 7). 
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Regarding dependent claim 18, Kahan taught the session identifier has an 
expiration time includes an expiration time for the session (Table 4, page 7). 

Regarding dependent claim 19, Kahan taught the session identifier provides 
access to a protected domain to which the session has access authorization (2.1 
Authorization domain, pages 3-4). 

Regarding dependent claim 20, Kahan taught the session identifier is modified 
for access to a different protected domain (access rights are generated per root 
document, page 4). 

Regarding dependent claim 21 , Kahan taught the session identifier provides a 
key identifier for key management (2.1.2 Digital signature mechanism, page 4). 

Regarding dependent claim 23, Kahan taught the access rights of the client are 
fully contained within the session identifier (Tables 1-3, page 5-6). 

Regarding dependent claim 32, Kahan taught the authorization identifier is 
encoded within a session identifier which is appended to the requested (Table 3, page 
6). 

Regarding claim 35, Kahan taught an information system on a network (abstract, 
page 1), comprising: 

means for receiving service requests from client and for determining whether a 
service request includes a session identifier, wherein communications to and from the 
clients are according to hypertext transfer protocol (2.3 Consultation phase, pages 5-6); 

means for providing the session identifier in response to an initial service request 
in a session of requests (Table 1, page 5); 
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means for storing, at the client, the session identifier for use in each 
communication to the server system (Table 1, page 5); 

means for appending the stored session identifier to each of subsequent service 
communications from the client the server system (Table 1 , page 5); and 

means for servicing the subsequent service requests (Table 1 , page 5). 

Regarding dependent claim 36, Kahan taught the access rights of the client are 
fully contained within the session identifier (Table 2, page 6). 

Regarding dependent claim 37, Kahan taught the means for providing the 
session identifier is in a server system which services the requests (2.1.1 Entities, page 
4). 

Regarding dependent claim 49, Kahan taught the session identifier is 
cryptographically generated (Table 2, page 5). 

Regarding dependent claim 50, Kahan taught further comprising: 

returning a response to the client, the response redirecting an initial service 
request to an authentication server, the authentication server providing the session 
identifier (2.3 Consultation phase, last 2 paragraphs, pages 5-6). 

Regarding dependent claim 51, Kahan taught wherein the session identifier is 
appended to at least one path name in a document returned by the server system (2.3 
Consultation phase, capability included in request for root document, page 6, 
documents are accessed by URLs, page 8). 
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Regarding dependent claim 52, Kahan taught the at least one path name is a link 
in the returned document (2.3 Consultation phase, document structure includes access 
to other content, page 5). 

Regarding dependent claim 53, Kahan taught the link is an absolute link 
(documents addressed by URLs, page 8). 

Regarding dependent claim 54, Kahan taught the link comprises a uniform 
resource locator (documents addressed by URLs, page 8). 

Regarding dependent claim 56, Kahan taught the session identifier is 
cryptographically generated (digital signature, Table 2, page 6). 

Regarding dependent claim 57, Kahan taught the session identifier is directed to 
an accessible domain (2.1.1 Entities, page 4). 

Regarding dependent claim 58, Kahan taught the session identifier includes an 
expiration time for the session (Table 2, page 6). 

Regarding dependent claim 59, Kahan taught the session identifier comprises a 
date (Table 2, page 6). 

Regarding dependent claim 60, Kahan taught the session identifier comprises a 
key identifier (digital signature, Table 2, page 6). 

Regarding dependent claim 61 , Kahan taught the session identifier comprises an 
address of the client (Table 3, page 6). 

Regarding dependent claim 62, Kahan taught the session identifier comprises an 
unforgeable digital signature (Table 2, page 6). 
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Regarding dependent claim 63, Kahan taught the authorization identifier is 
provided by an authentication server (Table 1 , page 5). 

Regarding dependent claim 67, Kahan taught the session identifier is designated 
by the server system (2.1 .1 Entities, page 4), further comprising the steps of: 

validating, at the server system, the appended session identifier (Table 1, page 
5); returning a controlled document if the appended session identifier is valid (2.3 
Consultation phase, 2 nd to last paragraph, page 5). 

Regarding dependent claim 75, Kahan taught the session identifier facilitates 
authenticated accesses across multiple servers (2.1.1 Entities, page 4). 

Regarding claim 79, Kahan taught a method of processing service requests from 
a client to a server system through a network (abstract, page 1), 

forwarding the service request from the client to the server system, wherein the 
communications between the client and server system are according to hypertext 
transfer protocol (abstract, page 1 ); 

returning a session identifier from the server system to the client, the client 
storing the session identifier for use in subsequent communications (Table 4); 

at the client, appending as part of a path name in a uniform resource locator the 
stored session identifier to each subsequent service request from the client to the 
service system within a session requests (client includes capability in request, 2.3 
Consultation phase, pages 5-6). 

Regarding dependent claim 101 , Kahan taught the session identifier is appended 
by the client (client includes capability in request, 2.3 Consultation phase, pages 5-6). 
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Regarding dependent claim 102, Kahan taught the session identifier is 
cryptograph ically generated (Table 2, page 6). 

Regarding dependent claim 104, Kahan taught the document is returned 
electronically (2.3 Consultation phase). 

Regarding dependent claim 106, Kahan taught the authorization identifier is 
appended to a uniform resource locator (client includes capability in request, 2.3 
Consultation phase, pages 5-6). 

Regarding claims 112-115, the language of claims 112-115 is substantially the 
same as previously rejected claims 3, 5-6, 13-15, 17-21, 23, 32, 35-38, 49-54, 56-63, 
67-75, 77, 79-93. Therefore, claims 112-115 are rejected on the same rationale as 
claims 3, 5-6, 13-15, 17-21, 23, 32, 35-38, 49-54, 56-63, 67-75, 77, 79-93. 
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Claim Rejections - 35 USC § 103 



5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 7-12, 22, 24-26, 31 , 33-34, 39-43, 55, 76, 78, 108-1 1 1 are rejected under 
35 U.S.C. 103(a) as being unpatentable Kahan in view of Filepp et al., U.S. Patent No. 
5,347,632 (hereafter referred to as Filepp). 

Regarding dependent claim 7, Kahan does not specifically teach the server 
system recording a transaction log. However, Filepp taught a method wherein the 
server system records information in a transaction log in the server system (col. 93, 
lines 28-30). 

Regarding dependent claim 8, Kahan does not specifically teach the server 
tracking the access history of the session. However, Filepp taught a server system that 
tracks the access history of sequences of service requests within a session of requests 
(col. 93, lines 16-24). 

Regarding dependent claim 9, Kahan does not specifically teach the server 
system tracking the access history to determine requests leading to purchases. 
However, Filepp taught the server system tracking the access history to determine 
requests leading to purchases (within usage characteristics, col. 93, lines 28-30). 

Regarding dependent claim 10, Kahan does not specifically teach a server 
system counting the requests. However, Filepp taught a server system counts requests 



Application/Control Number: 09/005,479 Page 10 

Art Unit: 2155 

to particular services exclusive of repeated requests from a common client (col. 93, 
lines 28-34). 

Regarding dependent claim 1 1 , Kahan does not specifically teach a database 
relating customer information to access patterns. However, Filepp taught the server 
system maintains a database relating customer information to access patterns (col. 93, 
lines 28-43). 

Regarding dependent 12, Kahan does not specifically teach information that 
includes customer demographics. However, Filepp taught wherein the information 
includes customer demographics (col. 9, lines 38-44). 

Regarding dependent claim 22, Kahan does not specifically teach a transaction 
log in the server system. However, Filepp taught a method wherein the server system 
records information from the session identifier in a transaction log in the server system 
(col. 93, lines 27-47). 

Regarding dependent claim 24, Kahan taught a service request is for a document 
(2.3 Consultation phase, page 5) and the session identifier includes user identification 
(Table 4, page 7), further comprising: 

returning the requested document (2.3 Consultation phase, page 5). Kahan does 
not specifically teach wherein the document is customized for a particular user based on 
the user identification of the session identifier. However, Filepp taught the document is 
customized for a particular user based on the user identification of the session identifier 
(col. 9, lines 27-47). 
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Regarding dependent claim 25, Kahan taught a service request is for a 
document, the session identifier comprises an authorization identifier (Table 3-4, pages 
6-7), and further comprising: 

returning the requested document if the authorization identifier indicates that the 
user is authorized to access the document (2.3 Consultation phase, page 5). Kahan 
does not specifically teach a document which has been purchased by the user. 
However, Filepp taught a document which has been purchased by the user (col. 6, lines 
45-51,56-60) 

Regarding dependent claim 26, Kahan taught a service request is for a document 
wherein the session identifier comprises a user identifier (Table 4, page 7), further 
comprising: 

returning the requested document to the client (2.3 Consultation phase, page 5). 
Kahan does not specifically teach charging the user identified in the identifier for access 
to the document. However, Filepp taught charging the user identified in the identifier for 
access to the document (col. 6, lines 57-61 ). 

Regarding dependent claim 31 , Kahan taught at least one service request 
comprises a document request, wherein the session identifier comprises an 
authorization identifier (Table 3-4, pages 6-7), the method further comprising: 

returning the requested document if the authorization identifier indicates the user 
is authorized to access the document (2.3 Consultation phase, page 5). Kahan does not 
specifically teach a document which has been purchased by a user. However, Filepp 
taught a document which has been purchased by a user (col. 6, lines 45-51 , 56-60). 
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Regarding dependent claim 33, Kahan taught at least one service request 
comprises a request for a document, wherein the session identifier is designated by the 
server system, said method comprising: 

returning the requested document to the client (2.3 Consultation phase, page 5). 
Kahan does not specifically teach charging the user identified in the session identifier 
for access to the document. However, Filepp taught charging the user identified in the 
session identifier for access to the document (col. 6, lines 57-61 ). 

Regarding dependent claim 34, Kahan taught a user identifier is encoded within 
a session identifier which is appended to the request (Table 4, page 7). 

Regarding dependent claim 55, Kahan does not specifically teach the step of 
appending the session identifier comprises filtering the requested document. However, 
Filepp taught filtering the requested document (filtering by providing customized 
advertisements, col. 9, lines 38-44) 

Regarding dependent claim 76, Kahan does not specifically teach the document 
is customized for a particular based on user identification of the session identifier. 
However, Filepp taught the document is customized for a particular based on user 
identification of the session identifier (col. 9, lines 27-47). 

Regarding dependent claim 108, Kahan does not specifically teach purchasing a 
product. However, Filepp taught a service request is a request to purchase a product 
(col. 6, lines 45-51). 

Regarding dependent claim 109, Filepp taught the product is transmitted over a 
network (col. 6, lines 45-51 , 56-60). 
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Regarding dependent claim 110, Filepp taught the product is a newspaper/ 
newsletter article (col. 6, lines 45-51 , 56-60). 

Regarding dependent claim 111, Filepp taught the product is a durable product 
(col. 6, lines 56-60). 

As to dependent claims, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made that incorporating Filepp's features in Kahan's 
authorization system would have improved system flexibility. The motivation would have 
been to adapt Kahan's distributed authorization system to the individual needs of the 
potential users. 

7. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over in view 
of Johnson et al., U.S. Patent No. 5,560,008 (hereafter referred to as Johnson). 

Regarding dependent claim 16, Kahan does not teach another method of 
redirecting. However, Johnson taught a method wherein a client directs a service 
request to a first server which is to provide the requested service; 

the first server checks the service request for a session identifier (credential id) 
and only services a request having a valid session identifier (credential id), 

and where the service request has no valid identifier, the first server redirects the 
service request from the client to the authorization server (authentication agent); 

the authorization server (authentication agent) subjects the client to the 
authorization routine and issues the session identifier (credential id) to be appended to 
the service request to the first server; 
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the client forwards the service request appended with the session identifier 
(credential id) to the first server; 

the first server recognizes the session identifier (credential id) and services the 
service request to the client; and, 

the client appends the session identifier (credential id) to subsequent service 
requests to the server system and is serviced without further authorization. Benson 
does not specifically teach an authorization server. However, Kahan taught a client, a 
first server, and an authorization server (Figure 2, col. 5). It would have been obvious to 
one of ordinary skill in the art at the time the invention was made that incorporating 
Johnson's redirecting mechanism to subsequent requests in Kahan distributed 
authorization system would have improved system transparency. The motivation would 
have been to alleviate the user from having to remember which documents require 
access rights and which documents do not. 

8. Claims 96-98, 100, 103 and 105 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kahan in view of Dedrick, U.S. Patent No. 5,768,521 (hereafter 
referred to as Dedrick). 

Regarding dependent claim 96, Kahan does not specifically teach how a user is 
charged. However, Dedrick taught servicing a request (col. 3, lines 50-56); and 
automatically charging a user identified by the session identifier for the service provided 
(col. 3, lines 60-63). 

Regarding dependent claim 97, Kahan does not specifically teach a purchase 
request. However, Dedrick taught at least one service request comprises a purchase 
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request (review of the request indicates the user is not a subscriber), the purchase 
request including an associated user identifier (request includes information identifying 
whether the user is a subscriber), the method further comprising: accessing, upon 
receipt of the purchase request at the server system, user information associated with 
the user identifier sufficient to charge an account associated with the user the purchase 
price of the product identified by the purchase request (col. 3, lines 31-41 , 60-63); 

charging the user for the product identified by the purchase request according to 
the user information (col. 7, lines 29-35); and 

fulfilling the purchase request based on the user information (col. 7, lines 35-37). 

Regarding dependent claim 98, Kahan taught the client includes the user 
identifier in a session identifier (Table 4, page 7) and taught the session identifier 
appended to the request (2.3 Consultation phase, page 5). Kahan does not specifically 
teach the request is a purchase request. However, Dedrick taught the request is a 
purchase request (col. 7, lines 32-37) 

Regarding dependent claim 100, Kahan does not specifically teach how a 
purchasing request. However, Dedrick taught under control of a client system, 

displaying information identifying a product (col. 7, lines 18-23); and 

in response to a user selection of a hyperlink (inherent, information distributed 
according to hypertext markup language, col. 4, lines 36-38) associated with a product 
desired to be purchased, sending a request to purchase the item along with an identifier 
of a purchaser of the item to a server system (id whether client is a subscriber, col. 7, 
lines 18-26); and 



Application/Control Number: 09/005,479 Page 16 

Art Unit: 2155 

under the control of the server system, upon receiving the request, retrieving 
additional information previously stored for the purchaser identified by the identifier in 
the received request (retrieving profile containing account information, col. 3, lines 31- 
41,60-63); 

charging the user the purchase price of the product (metering server debits the 
user account, col. 7, lines 32-37); and 

fulfilling the request for the product (sending information, col. 7, lines 32-37). 

Regarding dependent claim 103, Kahan does not specifically teach how a user is 
charged. However, Dedrick taught identifying the user from the authorization identifier 
(identifying subscriber authorization, col. 3, lines 50-56); and 

automatically charging the identified user for the document (col. 3, lines 60-63). 

Regarding dependent claim 105, Kahan does not specifically teach a physical 
copy of the document is sent. However, Dedrick taught a physical copy of the document 
is sent (through the purchasing options the user is able to retrieve requested information 
by printing, i.e. physical copy, col. 3, lines 25-27). 

Regarding claims 96, 97, 100, 103, 105, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made that incorporating Dedrick's 
metering mechanisms for charging users for electronic information in Kahan's 
distributed authorization system would have extended the system to incorporate more 
mechanism to provide a better interactive environment. The motivation would have to 
provide a mechanism to allow a system to automatically debit and bill a user for 
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consuming requested electronic information from the web database (Dedrick, col. 1, 
lines 54-56). 

Statements concerning the remaining claims 

The language of claims 38-43 is substantially equivalent to the language of 
previously rejected claims 14, 7-8, 10-12. Therefore, claims 38-43 are rejected on the 
same rationale as claims 14, 7-8, 10-12, respectively. 

The language of claims 68-74 is substantially equivalent to the language of 
previously rejected claims 56-62. Therefore, claims 68-74 are rejected on the same 
rationale as claims 56-62, respectively. 

The language of claims 77-78 is substantially equivalent to the language of 
previously rejected claims 51 and 55. Therefore, claims 77-78 are rejected on the same 
rationale as claims 51 and 55, respectively. 

The language of claims 80-93 is substantially equivalent to the language of 
previously rejected claims 49-62. Therefore, claims 80-93 are rejected on the same 
rationale as claims 49-62, respectively. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Patrice Winder whose telephone number is 703-305- 
3938. The examiner can normally be reached on Monday-Friday, 10:30 am-7:00 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain Alam can be reached on 703-308-3662. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Patrice Winder 
Primary Examiner 
Art Unit 21 55 
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